{"id":55,"date":"2011-12-20T11:12:31","date_gmt":"2011-12-20T17:12:31","guid":{"rendered":"https:\/\/www.asberry.org\/blog_tech\/?p=55"},"modified":"2011-12-20T18:55:28","modified_gmt":"2011-12-21T00:55:28","slug":"installing-a-ssl-certificate-in-a-lamp-environment","status":"publish","type":"post","link":"https:\/\/asberry.org\/blog_tech\/?p=55","title":{"rendered":"Installing a SSL certificate in a LAMP environment"},"content":{"rendered":"<p>Wow, if you&#8217;re reading this you are doing so over a 256 bit encrypted link. \u00a0To give you an idea of what that means my bank only uses 128 bit encryption. \u00a0Now for a while I was doing this with a self-signed certificate. \u00a0But then you run into all kinds of hassles that when you send a link to your non-geek friend they get all upset because they get a warning when they try to go to it. \u00a0Aside from that hassle (which I can live with) I ran into an issue with the flash uploader on my Gallery 3 site. \u00a0It seems that if you have a self-signed certificate the flash uploader will not work, leaving the &#8216;server add&#8217; option as the only way to upload anything to the server, which would have meant a whole bunch of work that I just didn&#8217;t feel like doing right now.<\/p>\n<p>The Solution? \u00a0Get a signed certificate from a CA. \u00a0Yeah that seems a little obvious but here&#8217;s the thing. \u00a0I&#8217;m not selling anything meaning I&#8217;m not making anything and I don&#8217;t really want to pay for it. \u00a0Free SSL certificates? \u00a0Turns out yes they do exist. \u00a0I went with <a title=\"Not a bad choice for free SSL\" href=\"http:\/\/www.startssl.com\" target=\"_blank\">StartSSL<\/a> and was very pleased with the\u00a0experience. \u00a0The first thing I had to do was start by validating my email and getting a certification for that and then it was time to get the SSL\/TLS Server cert. 
\u00a0Here is how I did it so I&#8217;ll know how to do it next time.<\/p>\n<p>Telnet into the server and issue the following command:<\/p>\n<pre class=\"brush: bash; collapse: false; light: false; title: ; toolbar: true; notranslate\" title=\"\">\r\nopenssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr\r\n<\/pre>\n<p>This will give you two files.<br \/>\nmyserver.key: this is your private key (stored unencrypted because of -nodes).<br \/>\nserver.csr: this is the Certificate Signing Request that you will submit to the CA.<\/p>\n<p>In my case (running Fedora Core 16) I placed the myserver.key file in the \/etc\/pki\/tls\/private\/ directory.<br \/>\nWhen you submit server.csr to the CA, they will have you cut and paste the returned text into an ssl.cert file. Get that onto your server; I put it in \/etc\/pki\/tls\/certs\/. Then you need to find the ssl.conf file and change the SSLCertificateFile and SSLCertificateKeyFile file locations and names to match. Save the file, restart Apache and you are good to go.<\/p>\n<p>UPDATE<br \/>\nOkay, got home and got a message that I missed a couple of files.\u00a0 To this end let me say these are the files that were missing:<\/p>\n<p>SSLCertificateChainFile \/usr\/local\/apache\/conf\/sub.class1.server.ca.pem<br \/>\nSSLCACertificateFile \/usr\/local\/apache\/conf\/ca.pem<\/p>\n<p>I put them into \/etc\/pki\/tls and just linked them in the ssl.conf and it worked fine and seemed to fix any issues I saw so don&#8217;t forget to do this next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wow, if you&#8217;re reading this you are doing so over a 256 bit encrypted link. \u00a0To give you an idea of what that means my bank only uses 128 bit encryption. \u00a0Now for a while I was doing this with a self signed certificate. 
\u00a0But then you run into all kinds of hassles that when [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6],"tags":[],"class_list":["post-55","post","type-post","status-publish","format-standard","hentry","category-linux","author-aron"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4bBkH-T","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/posts\/55","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55"}],"version-history":[{"count":5,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":59,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions\/59"}],"wp:attachment":[{"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/asberry.org\/blog_tech\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}